CVE-2020-28969

7.8 HIGH

📋 TL;DR

Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow that an attacker triggers by getting a user to open a specially crafted PDF file; the result is an application crash (denial of service). It affects anyone who opens untrusted PDFs with this specific build, and the crash interrupts whatever PDF processing the application was doing.

💻 Affected Systems

Products:
  • Aplioxio PDF ShapingUp
Versions: 5.0.0.139
Operating Systems: Windows (presumed based on typical PDF software deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects version 5.0.0.139 specifically. Other versions may not be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete application crash leading to denial of service, disrupting business processes that rely on PDF processing with this software. Note that the published description claims only DoS, while 7.8 is the score CVSS 3.x assigns to a local, user-interaction vulnerability with high confidentiality, integrity and availability impact (a local, availability-only impact scores 5.5). Treat an unpatched memory-corruption bug in a file parser as potentially exploitable for code execution until the vendor states otherwise.

🟠 Likely Case

Application crash when a malicious PDF is opened, requiring a restart of the software and losing any unsaved work.

🟢 If Mitigated

Limited impact when the software is isolated or used only with trusted PDF sources; crashes stay contained to the application instance.

🌐 Internet-Facing: MEDIUM - Risk exists if software processes PDFs from untrusted internet sources, but requires user interaction to open malicious files.
🏢 Internal Only: LOW - Lower risk if used only with internally generated, trusted PDF documents.

🎯 Exploit Status

Public PoC: No (none found in the referenced advisory)
Weaponized: Unknown
Unauthenticated Exploit: No (local; a user must open the crafted file)
Complexity: LOW

Exploitation requires a user to open a malicious PDF file in the affected build. No public exploit code was found in the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown; check with the vendor for an updated release

Advisory: https://www.vulnerability-lab.com/get_content.php?id=2260 (Vulnerability-Lab researcher disclosure, not a vendor bulletin)

Restart Required: Yes (the application; reboot only if the installer asks for it)

Instructions:

1. Contact Aplioxio for an updated version.
2. Uninstall version 5.0.0.139.
3. Install the patched version.
4. Restart the application (and the system if the installer requires it).

🔧 Temporary Workarounds

Restrict PDF Sources (all platforms)

Open only PDFs from trusted sources in this application; block or quarantine untrusted PDFs at the mail gateway and web proxy so they never reach the affected build.

Application Sandboxing (Windows)

Run PDF ShapingUp in an isolated environment (a dedicated VM, Windows Sandbox, or a low-privilege account) so a crash, or anything worse the overflow might allow, is contained to that instance. Sandboxing does not prevent the crash itself.

🧯 If You Can't Patch

  • Replace with alternative PDF processing software
  • Restrict input to PDFs from trusted sources; signature-based or structural file validation will not reliably identify a crafted PDF, so controlling the source is the stronger measure

🔍 How to Verify

Check if Vulnerable:

Open Help > About (or the executable's Properties > Details tab) and read the product version. If it is exactly 5.0.0.139, the install is the affected build.

Check Version:

The registry key HKEY_LOCAL_MACHINE\SOFTWARE\Aplioxio\PDF ShapingUp may hold the version if present, but the advisory does not confirm it, and a 32-bit installer on 64-bit Windows writes under HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ instead. The more reliable sources are the Uninstall keys (DisplayVersion) and the version resource of the installed executable.

Verify Fix Applied:

Confirm the installed version is no longer 5.0.0.139 and matches what the vendor names as the fixed release, then open known-good PDFs to confirm the application still works.
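The version check above, scripted for fleet use. This is an added example, not code from the advisory or from Aplioxio; it assumes the product registers under the standard Windows Uninstall keys with a DisplayName containing "ShapingUp" and that its main executable is named PDFShapingUp.exe, neither of which the advisory confirms.

```powershell
# Added example, not from the advisory or the vendor. Finds the installed
# PDF ShapingUp build and compares it with the affected version 5.0.0.139.
# Assumptions (not confirmed by the advisory): the product registers under
# the standard Uninstall keys with a DisplayName containing "ShapingUp", and
# its main executable is PDFShapingUp.exe.
$Affected = [version]'5.0.0.139'
$ExeName  = 'PDFShapingUp.exe'   # assumed executable name

# Check the 64-bit hive, WOW6432Node (32-bit app on 64-bit Windows) and per-user installs.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ShapingUpStatus {
    $found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*ShapingUp*' }

    if (-not $found) {
        Write-Warning 'No PDF ShapingUp entry in the Uninstall keys; check Help > About manually.'
        return
    }

    foreach ($app in $found) {
        $regVersion = $null
        try { $regVersion = [version]$app.DisplayVersion } catch { }

        # Prefer the version resource of the binary on disk: DisplayVersion can be
        # stale after an in-place update or a manually copied executable.
        $fileVersion = $null
        if ($app.InstallLocation) {
            $exe = Join-Path $app.InstallLocation $ExeName
            if (Test-Path -LiteralPath $exe) {
                $vi = (Get-Item -LiteralPath $exe).VersionInfo
                $fileVersion = New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart,
                                                         $vi.FileBuildPart, $vi.FilePrivatePart)
            }
        }

        $effective = if ($fileVersion) { $fileVersion } else { $regVersion }
        $status = if ($null -eq $effective) {
            'UNKNOWN: version could not be read'
        } elseif ($effective -eq $Affected) {
            'VULNERABLE: exact affected build 5.0.0.139'
        } else {
            'NOT THE AFFECTED BUILD: confirm fixed release with the vendor'
        }

        [pscustomobject]@{
            DisplayName     = $app.DisplayName
            RegistryVersion = $regVersion
            FileVersion     = $fileVersion
            InstallLocation = $app.InstallLocation
            Status          = $status
        }
    }
}

Get-ShapingUpStatus | Format-List
```

The file version resource wins over DisplayVersion because the advisory names one exact build; any other version is reported as "not the affected build" rather than "fixed", since the page does not state which release carries the fix.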

📡 Detection & Monitoring

Log Indicators:

  • Windows Application log, Event ID 1000 (Application Error) with a faulting application name belonging to PDF ShapingUp and version 5.0.0.139
  • Event ID 1001 (Windows Error Reporting) records for the same process
  • Exception codes 0xc0000005 (access violation) or 0xc0000409 (stack buffer overrun caught by the /GS cookie check); crash records do not literally say "buffer overflow"

Network Indicators:

  • PDF downloads or e-mail attachments delivered to a host shortly before a crash of the application; correlate proxy and mail gateway logs with crash events by host and time

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="PDFShapingUp.exe" AND Version="5.0.0.139"

The parentheses matter: without them every EventID=1000 event matches regardless of process. Field names such as ProcessName and Version depend on how your SIEM parses Windows events; in the raw Event 1000 they are the "Faulting application name" and "version" values.
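The same hunt run directly against a host's Application log, useful where no SIEM collects Windows events. This is an added example, not code from the advisory or from Aplioxio; it assumes the process name PDFShapingUp.exe and the standard "Application Error" event template, whose EventData properties are ordered application name, version, timestamp, module name, module version, module timestamp, exception code, fault offset.

```powershell
# Added example, not from the advisory or the vendor. Pulls "Application Error"
# (Event ID 1000) crash records for PDF ShapingUp from the local Application log
# and flags the ones whose exception code is typical of memory corruption.
# Assumptions: the process is PDFShapingUp.exe (assumed name), and the event
# uses the standard Application Error template, whose EventData properties are
# ordered: app name, app version, app timestamp, module name, module version,
# module timestamp, exception code, fault offset, process id, ...
$Process  = 'PDFShapingUp.exe'
$Affected = '5.0.0.139'
$Since    = (Get-Date).AddDays(-30)

# Crash logs never say "buffer overflow"; these NTSTATUS codes are the signal:
#   c0000005  STATUS_ACCESS_VIOLATION      (memory access through a bad pointer)
#   c0000409  STATUS_STACK_BUFFER_OVERRUN  (/GS stack-cookie check failed)
#   c0000374  STATUS_HEAP_CORRUPTION       (heap metadata damaged)
$SuspiciousCodes = @('c0000005', 'c0000409', 'c0000374')

function Get-ShapingUpCrashes {
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = $Since
    }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[0].Value -ieq $Process } |
        ForEach-Object {
            # Exception code arrives as a string such as "0xc0000005".
            $code = ([string]$_.Properties[6].Value -replace '^0x', '').ToLower()
            [pscustomobject]@{
                Time          = $_.TimeCreated
                Version       = $_.Properties[1].Value
                AffectedBuild = ($_.Properties[1].Value -eq $Affected)
                Module        = $_.Properties[3].Value
                ExceptionCode = $code
                Suspicious    = ($SuspiciousCodes -contains $code)
                FaultOffset   = $_.Properties[7].Value
            }
        }
}

# Surface the interesting ones first: corruption-type codes, newest on top.
Get-ShapingUpCrashes |
    Sort-Object -Property @{Expression = 'Suspicious'; Descending = $true},
                          @{Expression = 'Time'; Descending = $true} |
    Format-Table -AutoSize
```

A row with AffectedBuild and Suspicious both true is the one to triage: pair its Time with the PDF the user had open (mail or proxy logs, or file-open auditing if enabled) and retain that file for analysis rather than deleting it.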

🔗 References
